FedConnections

Safety and Soundness: Cybersecurity and Payments Risk

November 29, 2017

Cybersecurity remains a key risk in the financial industry, and bankers continue to rate this as a top risk facing their firms. As cybersecurity threats are increasing, wire fraud is also increasing across the Tenth District. We want to take this opportunity to remind financial institutions of sound risk management practices and supervisory expectations regarding electronic funds transfers.

Strong policies and procedures for wires and electronic payments are essential to preventing unauthorized funds transfers. It is crucial that bank personnel are trained to consistently follow policies and procedures. Bank management should also ensure internal and external audits are conducted to review policies and procedures and to confirm that bank employees are routinely following these guidelines. Given that many wire frauds are conducted through social engineering, banks should provide social engineering training for all employees. This includes conducting social engineering testing of staff to ensure employees understand expectations.

Given the increase in wire fraud and the need to contact law enforcement agencies when fraud is suspected, bank management should identify the bank's local FBI and Secret Service agent contacts by visiting the corresponding websites (see below).